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We present a concurrent operational Petri net semantics for the join-calculus, a process calculus for 
specifying concurrent and distributed systems. There often is a gap between system specifications 
and the actual implementations caused by synchrony assumptions on the specification side and asyn- 
chronously interacting components in implementations. The join-calculus is promising to reduce this 
gap by providing an abstract specification language which is asynchronously distributable. Classical 
process semantics establish an implicit order of actually independent actions, by means of an inter- 
leaving. So does the semantics of the join-calculus. To capture such independent actions, step-based 
semantics, e. g., as defined on Petri nets, are employed. Our Petri net semantics for the join-calculus 
induces step-behavior in a natural way. We prove our semantics behaviorally equivalent to the orig- 
inal join-calculus semantics by means of a bisimulation. We discuss how join specific assumptions 
influence an existing notion of distributability based on Petri nets. 

1 Introduction 

Specifications for distributed systems usually employ synchrony assumptions to keep the modeling as 
simple as possible. Properties of specifications cannot be reused for real implementations, because com- 
ponents in a distributed system run concurrently and communicate in an asynchronous fashion. This 
leaves a gap between specifications and implementations. 

Process calculi, e. g., the % -calculus, concentrate on the essential parts in system specifications, keep- 
ing in mind that they represent actual systems. Therefore, they come with a syntax and a semantics to 
describe the behavior of a system as precise as possible. The asynchronous 7r-calculus, a restricted 
71-calculus, tries to reduce the gap between system specifications and implementations. By the asyn- 
chronous 7r-calculus, we are able describe asynchronously communicating systems, but implementations 
still rely on hard to implement constructs, such as rendezvous or leader election |[T6ll . 

The join-calculus by Fournet and Gonthier O is a process calculus equipped with a basic language 
and an abstract notion of computation, the reflexive chemical abstract machine. Fournet and Gonthier 
extend Berry and Boudol's chemical abstract machine [2] by explicit reaction sites - similar to locations 
in distributed systems - and combine the concepts of restriction, reception and recursion in one construct 
called a join definition. By join definitions, they force receptors, i.e., names which are used to receive 
messages, to reside on one location. In contrast, % -calculus allows the use of sent names as receptors 
(cf. scope extrusion) which enables the calculus to describe the concept of mobility, but makes distributed 
implementations of the calculus difficult. 

Still, as many other process calculi, the join-calculus only comes with an interleaving semantics 
which makes it hard to reason about the distributed behavior of processes. Although the join-calculus is 
equipped with a parallel composition operator, it is rather difficult to describe independence of actions, 
whereas other models, such as Petri nets [19], describe independence explicitly. Therefore, we present 
an operational Petri net semantics for the join-calculus taking advantage of the parallel structure to obtain 
a large degree of independence, i. e., concurrency. 
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The general idea of our Petri net semantics is inspired by the work of Busi and Gorrieri [6], where 
they propose a Petri net semantics with inhibitor arcs for the % -calculus. They decompose a % term into 
places and construct the nets by transition rules working on decompositions. They solve scoping issues 
in the 7T-calculus by a global renaming. Our semantics does not rely on such a renaming as we store 
the message scopes in places. As in Busi and Gorrieri's semantics, all necessary information is encoded 
in the initial decomposition corresponding to initially marked places. We concentrate on the core join- 
calculus which is not equipped with an explicit choice. Therefore, we can also abandon inhibitor arcs 
from our semantics. In general, our semantics yields infinite but 1-safe Petri nets. It also comes with a 
bisimulation result to the original join-calculus semantics ensuring the correctness of our approach. 

Petri nets and Petri net related formalisms have already been used to describe the semantics of the 
join-calculus. Buscemi and Sassone propose a type-theoretic approach by suggesting a hierarchy on the 
syntax of the join-calculus J5j. For each level, they prove that, if a join-calculus term is typable, i. e., is 
satisfying a restriction on the syntax, then the Petri net of the join term they construct is bisimilar to the 
original join-calculus semantics. They get place/transition nets by restricting processes to top-level join 
definitions. To handle more expressive join terms, they use colored, reconfigurable and dynamic Petri 
nets. In our work, we cover full expressiveness of the join-calculus by an infinite construction. Bruni et 
al. propose an event structure semantics for the join-calculus [4]. Their main goal is to establish so called 
persistent graph grammars as a tool to describe name passing process calculi. They focus on an encoding 
from the asynchronous 7T-calculus into persistent graph grammars. The unfolding of the grammars yields 
event structures. For the join-calculus they yield event structures with empty concurrency relations. The 
semantics we propose includes concurrency by exploiting the parallel structure of a join term. There 
are also more general approaches which do not give a semantics for the join-calculus, but use the same 
ideas to obtain new Petri net classes. Prominent examples are mobile and dynamic Petri nets by Asperti 
and Busi HI and functional nets by Odersky [18]. Our approach does not aim at extending Petri nets or 
introducing new extensions to Petri net theory. 

Unfortunately, our net semantics yields infinite nets which seems to make it impossible to be useful 
for any real-world applications. Due to nice structural properties of the nets, the semantics could be 
directly used for any unfolding based techniques on Petri nets. One of such applications is model- 
checking. In Petri net unfoldings Q, it is not necessary to compute the potentially infinite structure of 
the net, but make use of a finite representation called prefix. In this paper, we want to investigate the join- 
calculus in terms of distributability. Recent research lfl3l l20l suggest a notion of distributed systems in 
terms of Petri nets and proved a Petri net structure, which refers to symmetric confusion, to be impossible 
to distribute. If our proposed semantics is reasonable and correct, we may argue on the distributability 
of the calculus itself. 

The rest of the paper is structured as follows. Sect. [2] introduces the necessary notions for this paper 
including Petri nets (Sect. l2TTT) and an overview of the join-calculus (Sect. l2T2l ). The following section is 
concerned with the definition of our Petri net semantics for the join-calculus and its correctness results. 
In Sect. |U we discuss a notion of distributability and how the join-calculus influences it. In Sect. [5J we 
conclude our work and give some further research directions. 

2 Preliminaries 

In this section, we introduce the basic notions and concepts used in our net semantics. First, we need the 
notion of multisets. 

Definition 1 (Multisets). Let A be a set. A multiset M over A is a mapping from A to N. For a € A, 
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M(a) = iff a M. Otherwise a G M. Two multisets M\ ,M 2 over A can be unified by l±l. M\ tt)M 2 is a 
multiset where for each a G A, (Mil±lM 2 )(a) =Mi(a) +M 2 (a). 

Whenever / is a function from a set A to a cartesian product n?=o^i> tnen we define the projections 
on the result of / by /' := %\ of, where %i is the projection function on the rth component of the product, 
id denotes the identity function defined on any set. 

In our semantics we need to store scopes for objects. These scopes may be nested. To handle this 
nesting of scope we introduce the notion of stacks - a common data structure also used in compilers. A 
stack may be empty (_L) or filled with elements of an alphabet. It is equipped with three operations. First, 
the push operation adds an element on top of a stack. Second, the top operation returns the top element 
of a stack. Last, the pop operation removes the top element of a stack. 

Definition 2 (Stack). Let E be an alphabet. A stack s over E is either _L or s contains at least one element 
e G E, i. e.„ s = [e,s ! ], where s' is a stack over E. The set of all stacks over E is denoted by The 
following operations are defined on S*z. 

• T : — > E denotes the top element of a stack s with 



Instead of [e\, [e 2 , [• • • , [e n ,-L] • • •]] we write [ei,e 2 , . . . ,e„, _L]. 

Labeled transition systems serve as the common semantic model of both formalisms, Petri nets and 
the join-calculus. It consists of three components, a set of states Q, a labeled relation between states — > 
and a start state go- The labels for so called transitions are obtained from some alphabet E. 

Definition 3 (LTS). A labeled transition system (over £), LTS is a triple, (Q,— >,qo) where Q is a set, 
->C QxLxQ, and q G Q. 

In ifTTI . van Glabbeek gives a huge collection of behavioral equivalences for LTSs. Bisimulation is a 
very strong equivalence taking the branching structure, i. e., the structure of decisions, of a system into 
account. As already mentioned, Petri nets as well as the join-calculus have an LTS semantics. Therefore, 
we introduce the notion of bisimulation. Later in Sect. 13.31 we will prove our semantics introduced in 
Sect. 13. ll to be bisimilar to the original semantics of the join-calculus. 

Definition 4 (Bisimulation). Let Ai = (fii,— h,<7i) and A 2 = (<22> — ^2></2) be labeled transition systems 
over some alphabet E. A relation M C Q\ x Q 2 is called a bisimulation between Ay and A 2 iff 

• (?1>92) G M, 

• if (p,q) G St and p Ai p', then there exists q' G Q2 such that q A- 2 q' and (p' ,q') G ffl, and 

• if (p,q) G & and q A 2 q', then there exists p' G Q\ such that p Ai p' and (p 1 \q') G M. 
If such a relation exists, then A 1 and A 2 are bisimilar. 




• |: S^z xl^ S^y. denotes the push operation. For a stack s and a symbol e, s \. e := [e,s]. 

• f : J?£ — > S^y. denotes the pop operation. For a stack s, 
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2.1 Petri Nets 

Petri nets were first introduced by Carl Adam Petri [19]. Petri nets are directed bipartite graphs with 
places drawn as circles and transitions drawn as boxes. Places and transitions are the nodes of a net. 
Directed edges called arcs, either connect places with transitions or transitions with places. An example 
is depicted in Fig. [5] We assume a universe of places denoted by 3 s . We later specify to meet the 
purposes of our semantics. The set of net places is a subset of As in labeled transition systems we 
have a fixed alphabet £ for transition labels representing the actions of a system. In contrast to classical 
net definitions, we directly encode the set of arcs into transitions. 

Definition 5 (Net). The tuple N = (P,T) is called a labeled net over I iff 

• P C is a set and 

• rc2 p xlx2 p . 

The label %2(t) of a transition t is also referred to as l(t). Here, / is implicitly given and not a part 
of the net definition. The preset of a transition t is denoted by *t := Tt\(t), the postset of t is denoted by 
t* := Ttj,{t). Pre- and postsets of places are defined by 'p := {t G T \p G t'} and p* := {t G T \p G *?}. 
The arc relation is obtained by F = {(p,t) G P x T \p G *t}U{(t,p) G T xP\p e t"}. 

A net is called finite iff (PUT) is finite. Otherwise, the net is called infinite. 

The potential state of nets is described by markings, which are multisets over the set of places. 
Tokens, drawn as black dots (cf. Fig. [5]), represent the number of places in a marking. These states may 
change by firing transitions. Transitions are enabled iff there is at least one token on any input place 
p s't. An enabled transition may fire, which means that it consumes one token from each input place 
and produces one token on any output place p £t°. This procedure is formally defined by the firing rule. 

Definition 6 (Enabledness, Firing rule). Let N = (P, T) be a net and let m : P — > N be a marking of N. A 
transition t 6 T is enabled under m, written m[t), iff m(p) > for all p £'(. An enabled transition t G T 
may fire. The successor marking ofm by firing t is m' , written m[t)m' , with 



Petri nets are nets with an initial marking mo corresponding to the start state of a net. 

Definition 7 (Petri net). The triple N = (P,T,mo) is called a Petri net iff (P,T) is a net and mo is a 
marking of (P,T). 

A marking m is reachable in a net = (P,T,mo) iff there exists a sequence of transitions t\,...,t n 
(fi G T) such that mo[?i) . . . [t„)m. The set of all reachable markings of ./V is denoted by Reach(N). By 
relating reachable markings we derive an LTS from a Petri net. 

Definition 8. Let N = (P, T,m ) be a Petri net labeled over L. The LTS of N is defined by LTS(A^) := 
(Reach(N), — S m o) where 

• — yC Reach(N) x L x Reach(N) and 

• (m,a,m') G — >■ iff there exists ? G T with m[t)m' and /(f) = a. 
Instead of (m,a,m') G — ► we often use the abbreviation m — > m' . 



m'(p) 




+ l if P e(f\'t) 
- l if>e(VV) 



else. 
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P ::= | x(v) | P|P | defx{u)\y(v) >P\nP 
Figure 1: Syntax of 

2.2 Join-Calculus 

The join-calculus O is a process algebra describing the model of the reflexive chemical abstract machine 
based on Berry's and Boudol's chemical abstract machine [2j. One of the reasons for the development 
of the join-calculus was the difficulty to actually implement distributed CCS or distributed 7i-calculus. 
In comparison to the 7i-calculus by Milner lfl6l . the join-calculus combines restriction, recursion and 
reception in one construct called join definition, forcing receptors to reside on one location. Hence, it is 
not possible to extrude a name and use the same name for reception. Fournet and Gonthier [9] identified 
a strict subset of the join-calculus which is proven to be as expressive as the full calculus. This subset is 
called core join-calculus. This section and our Petri net semantics is based on the core calculus. 

For further notions, we assume an infinite set of names Jf . The syntax of the core join-calculus is 
defined in Fig. [TJ stands for the null process, a process with no behavior. x(v) represents output mes- 
sages. As in the 7i-calculus, x stands for the channel name and v is a value passed through x. The parallel 
composition of two processes P and Q is denoted by P \ Q, where P and Q work independently. The last 
syntactic element is the definition, defx(w) \y(v) > Q\nP. Definitions combine restriction, reception of 
names and recursion in one construct. x(u) \y{v) is called the join-pattern. x(u) \ y(v) > Q is called the 
join definition or, together with a process P, the enclosing definition of P. We denote the set of all join 
definitions by Ss. P is the enclosed process. The set of all core join terms is denoted by J° C ore- 

Variables in a join-term are partitioned into three categories which are not necessarily disjoint. The 
free variables (fv) are those being visible to the environment. Defined variables (dv) are variables bound 
to a join definition, i.e., those channels that are processed by a definition. Received variables (rv) are 
only locally bound to new processes resulting from the application of join definitions. These three sets 
are defined in Fig. [2] (cf. 00). 

We use Ofyj Cdv? <?rv to denote a renaming on the set of free, defined and received variables. 

The core join-calculus has its roots in an abstract machine called the reflexive chemical abstract 
machine. Instead of specifying a set of reduction rules, the chemical abstract machine first defines a 
structural congruence and, on top of that, there is only one reduction rule. In process calculi this method 
is adopted to reduce the number of rules for a structural operational semantics significantly. As we want 
to use the structural operational semantics to define labeled transition systems of the core join-calculus, 
we first need the structural congruence of core join terms. The congruence defined in Fig. [3] is reduced 
to the core join-calculus (cf. ll8l). 

From the structural congruence we observe that it does not matter what the exact defined variables 
are. In consequence, we may rename them. We thereby need to make sure that all occurrences of defined 
variables in the enclosed process are renamed as well. Later, our semantics will keep track of definitions. 
To make sure that there are no name clashes, we introduce a minimal notion of normality on which we 
rely. Our normality criterion is concerned with join definitions occurring in parallel, i. e., definitions 
D\, . . . ,D k in processes of the form, 

defDi inPi | ... | deW k inP k . 

Definition 9 (Normality of J? core)- We call a process P G J? core normal if for all definitions D,D' oc- 
curring in parallel in P, it holds that dv(D) n dv(D') = 0. 
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fv[x(vi,...,v„)] = f {x,vi,...,v n } 

fvfdefDinP] = f (fv[P]Ufv[D])\dv[D] 

W[P\P'} D ^ fv[P]Ufv[P'] 

fv[0] °=i f 

fv[J>P] °= dv[/]U(fv[P]\rv[/]) 

dv[J>P] D = dv[/] 

dv[x( yi ,...,y n }] °=i f {x} dv[/|/'] °= dv[7]Wdv[/] 

rv^x,...,^)] °= {y u ...,yn} ™[J\f] ^ rv[7] W rv[/] 



Figure 2: Free, defined and received variables of ^ C ore terms 

P|0 = P 

P\Q = Q\P 

(P\Q)\R = P\{Q\R) 

P| def Ding = defDinP|<2 if fv(P) n dv(D) = 

defDindefD'inP = defD' in def DinP if fv(D) nfv(D') = 

defDinP = defDOd v inPOdv if Odv injective 
def D'mP = def Da rv in/ 5 if a rv injective 

Figure 3: Structural congruence on ^ C ore 
(Join) x(s)\y(t) > R[s/u,t/v] 



(React) 



defDinPhA defDinP' 



(ParI) (Par2) 



P\Q^P'\Q P\Q^P'\Q 



,x P^P',dv(D)nfv(D') = 
(JUMPl) ' ^ — 

defD'inP^> defD'inP' 



(Jump2) 



Ph^P' 



defDinP^* defD'inP' 



p ^j,p' p = n P P' P = 
(STRUCTl) -2 (STRUCT2) 



Figure 4: Labeled transition semantics of 
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We define the semantics of core join processes by their labeled transition systems respecting the 
reduction semantics given by Fournet [8 ]. In Fig. |4l we extended Fournet's semantics by an extra type of 
labeled arrows which represent the T-labeled steps in Fournet's semantics. describes potential steps 

over D, while \—> describes actual reaction steps. We extended the original semantics to make the LTS 
of join comparable to the labeled net semantics we propose in Sect. [3] 

Definition 10 (LTS of ^ core ). Let P € J? core- The labeled transition system ofP is 

LTS(P) :=Uc 0re ,^,P) 

where i — ►C ^ con x Q x J! core is the smallest relation respecting the structural operational semantics 
in Fig. |U 

In general, this labeled transition system is infinite and has unreachable parts. The JOIN rule reveals 
potential reactions. The actual reaction rule, i. e., REACT, introduces the new arrow type. Only if P has a 
potential D step to P 1 , then the reaction actually takes place. For the remaining rules we have one for the 
potential arrows and one for the reaction arrow. The Par rules work as expected. A join definition can be 
skipped if a reaction has already taken place, i. e., JUMP2, or the potential step D does not interfere with 
other free variables, i. e., as in J1JMP2. The Struct rules refer to the structural congruences as defined 
in Fig. [3] For a better understanding of the labeled transition semantics we give two examples. 

Example 1. Consider the process P = def x(m) \y{v) > u(v) \nx(k) \x(j) \y(2). For simplicity, we use the 
definition variable D = x(u) \y(v) > u(v). Intuitively, P has two possible executions. First, x{k) and y(2) 
react with D or second, x(j) and y{2) react under D. In both cases, one message x(_) remains in the 

process. As x(j) \y(2) potentially react with D, the rule JOIN tells that x(j) \y(2) — > j(2). Now, REACT 

can be directly applied, i.e., def D\nx(k) \x(j) \y{2) 1 — > def D'\nx(k) \j(2). From there on, there is no 
other step possible. The second execution can be obtained by the use of StructI. We needed x(k) 
and y(2) in parallel. Due to commutativity and associativity of the parallel operator, this is possible. 
Therefore, by StructI we obtain x{k) \ x(j) \ y(2) —t k{2) \ x{j). Again, we may apply REACT to 

get the actual reaction, i.e., defx(w) |y(v) > u(v)\nx(k) \x(j) \y(2) t—t defx(w) \y{v) > u(v) \nk(2) \x(j). 
These are the only 1 — >-steps. So, the LTS of P is a choice between the message j(2) and k(2). 

In the last example we already saw how JOIN, REACT and STRUCT are applied. The application of 
the Par rules is as expected. The next example considers a process where both Jump rules are applied. 

Example 2. Consider 

P = defx(w) \y(v) > u(v) in defa(v) > v() injc(a) \y(2). 

Again, we abbreviate the definitions occurring in P, i. e., D\ = x(u) \ y(v) > u(v) and D 2 = a(v) > v(). In 
a first step, we need to identify the potential steps of P. Considering P, there is only one potential step 

that matters, namely xia) |y(2) a(2). With that knowledge we can apply JumpI, because dv(Di) n 

fv(D 2 ) = 0. This yields the following arrow, defD 2 inx(a) |y(2) -^h defD 2 ina(2). The REACT rule 

does the rest, i. e., defD\ in def D 2 inx(a) \y(2) \— ^ def Di in defD 2 ina(2). We are almost done. The 

React rule exhibits the next arrow, def D 2 ina(2) h— ^> 2(). To transfer this result to the whole process, 

we apply Jump2, i. e., def Di in def D 2 ma{2) h^> def Di in defD 2 in 2() . 

Note that this example is similar to the one at the beginning of Sect. [3] For discussions on the 
distributability of the join-calculus in Sect. 01 we need to mention the notion of locality. In the join- 
calculus, receptors must reside on one location, i. e., they cannot be extruded to more than one location. 
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Therefore, a join definition J>P can be seen as such a location and hence, a location function is implicitly 
given in core join. We assume each join definition appearing in a join process, either directly or by 
reduction, to constitute a location. This is an approximation, because system modelers might summarize 
several join definitions to one location. To express this freedom, a distributed version of the join-calculus 
has been developed. The distributed join-calculus ifTOll employs explicit location functions and comes 
with a fully abstract encoding into the join-calculus. However, we concentrate on the core join-calculus. 
For later discussions, we rely on the above mentioned assumptions on locality. 



3 Petri Net Semantics for Join 



The semantics operates in two steps. First, the join term is decomposed into an initial set of places. Each 
place is equipped with a message term of core join, e. g., x{v), and the scopes of x and v, because both 
names may have their individual scopes. Example [3] shows the need for both scopes. 

Example 3. 

P = def ^(v) \y(w) > v(w) in def a(v) > \nx(a) \y(2). 

Di D 2 

In P, we have six names: a,2,x,y, v, w. While x and y are defined by D\, a is defined by D2 and 2 is 
free. The names v and w are received variables and do not occur in a message. Here x(d) has the same 
scope as x, but a is scoped by D2. So after a Di step, there is a message a(2), which may react in D2. 
Therefore, each place is equipped with both, the scope of the sender and the scope of the sent name. 

The decomposition yields only places for message terms. Parallel compositions and join definitions 
are represented in the net structure. 

The second step of our semantics consists of applications of a transition rule which makes use of 
the information stored in places. Given two places representing x{a),y{2) in the example above, our 
transition rule ensures that there exists a transition, labeled by D\, consuming from both places and 
producing to places that correspond to the right side of the reaction rule, i. e., the decomposition of v(w), 
where v is mapped to a and w to 2. The just described decomposition yields a place a (2) which can react 
in D2 producing no new messages. The Petri net representation of Example [3] is depicted in Fig. [5] 



x(a) 




y(2) 



Figure 5: Petri net semantics of P in Example [3] 



Note that, although we exploit the parallel structure of a process, join definition applications are only 
unfolded. Therefore, our semantics yields in general infinite net representations. 
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3.1 Operational Semantics 

Our Petri net definitions in Sect. 12.11 left two main points open, which need to be defined in advance. 
First, the universe of places & and second, the set of transition labels E. As already mentioned in the 
last section, places are triples. The first component is a join message, e. g., x(v). The second and third 
components are stacks over the set of join definitions 3). The first stack represents the scope of the sender 
name, the second stack that of the sent name. 

& := {x(v) \x,v £^}xj^x^ 

denotes the universe of places. Labels for transitions are join definitions, i. e., £ := Qs. In Fig. [5] we have 
labeled each place with the message it represents. 

The decomposition function returning sets of places for core join terms needs to be equipped with 
an auxiliary function to manage the name scoping. In the following, such functions are referred to as / 
or f±. f maps names in JV to names in JV and stacks over @, i. e., / : jV — > (Jf x 5?®). For n 6 jV, 
f l (n) represents a certain renaming of n (cf. Definition [T2l). f 2 (n) stores the scope of f l (n). Initially, 
we use f± with f±(n) := (n, _L) (n € jV). 

During the application of the decomposition, it is necessary to alter the scopes for names. For this 
purpose, we use a special function g n operating on any / : jV — > (jf x =5^). This function shall reduce 
the stack of n by one element. g„(f) : jV — > (jV x 5?$) works like / if the parameter is not n. Otherwise, 
it returns what / returns, but the stack component is reduced by one element, i. e., 



?«(/))« 



(idx|)o/(x) x = n, 
f(x) otherwise. 



The decomposition function dec is defined inductively over the structure of core join processes. 

Definition 11. The function dec : (j? C ore x {yW — > x ^s>))) 2^ is called decomposition function. 
For all x, v G jY , P,Q£ ^core, D <G S>, and / : {,yV — > (jV x 5?$)) the decomposition is defined by 

(0,/) ^ 0, 

f dec(x(v),g x (f)) f(x)$dv(f(x)T) 
(x(v),f) ^ { dec(x(v),g v (f)) f(v)?Mf 2 (v)T) 
( {(f l [x(v)],f(x),f 2 (v))} otherwise, 

(P\QJ) ' y dec{PJ)mdec{QJ), 

(defDinP,/) ^ dec(P, (idx ID) of). 

Note that the decomposition always yields finite sets of places. The process yields the empty set 
of places. The result of the decomposition also corresponds to markings. Here, the empty marking 
represents exactly what we expect from the behavior of 0, i. e., no behavior. The decomposition of the 
parallel operator is represented by the disjoint union of both components. So, even two equal messages 
running in parallel are decomposed into two places. Therefore, we use the equality symbol = as equality 
up to isomorphism, when we refer to decompositions or markings of the resulting nets, respectively. In 
the decomposition of join definitions, we need to adjust the renaming function /, which also handles 
the scoping of names. A join definition is decomposed as P, but the renaming function is extended by 
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(id x ID), meaning, that each name now has a new scope, in particular D and all other definitions which 
were already stored in /. 

The decomposition of messages x(v) does the main work, because it handles the scopes of x and v. 
By several applications of g x and g v , it assigns the correct scopes to the resulting place. Note that we 
assume n G dv(_L) for all n G jY '. 

The recursive application of dec eventually terminates, because in each step, the terms in the de- 
composition get smaller. Either a parallel operator or a join definition is removed. Decompositions of 
messages also terminate, as the stacks for sender and sent name are reduced by one element as long as 
they are not empty or the queried name occurs in the set of defined variables. One of the two possibilities 
holds eventually. 

Given a core join process P. The decomposition of P yields the set of initially marked places. The 
behavior of P is not mapped to the semantics yet. Instead of giving an algorithm to construct a net, we 
give a rule that must be satisfied by a Petri net to be the semantics of P. To reflect the labeled transition 
semantics of the core join-calculus, we need to ensure that definitions can be applied, i. e., transitions 
may fire, if their preconditions are satisfied. Definitions have the form x(u) \ y{v) > Q, where a process 
must be able to send messages over x and y to perform the definition, i. e., create a new process Q instan- 
tiated with the received variables. As our places carry the necessary scoping, we use that information in 
Definition [12] A transition consuming from the preconditions of a join definition it represents is forced 
to produce to places to which another transition does not produce. By this, we reach that places never 
branch backwards, an important condition discussed later in Sect. 13.21 Furthermore, a transition must 
not produce to the initially marked places. By this, we obtain an acyclic structure, i. e., bounded places. 
Indeed, the transition rule and the nature of our decomposition function ensure our Petri net semantics to 
yield 1-safe Petri nets. 

Definition 12. Let N = (P,T,mo) be a labeled Petri net over N satisfies the transition rule iff 

for every two places p,q G P with 

• p = (x(a),s,s a ), q = (y(b),s,s b ) and 

• sT =x{u)\y{v) > R, 

it holds that there exists a transition t G T with 

• t=({p,q},x{u)\y(v) >R,P'), 

• P / nm o = 0and , P' = {f} 

where P' = dec{RJ t ) and f t : {Jf x y s ) with for n G jV 

{(a,s a ) n = u, 
(b,s h ) n = v, 
(n,s) otherwise. 

In the transition rule, renamings encoded in f t become important. As it is possible to have equal 
names with different scopes, a reaction, i. e., a transition in our nets, needs to respect the scopes although 
the names are equal. Therefore, we postponed the renaming in the decomposition function to the end of 
the procedure. Consider Example 0] as an illustration. 
Example 4. 

Q = def a(k) \b(k') >k()\k'()\nb(c)\ defc() >0ina(c). 

Q contains two names c with different scopes. The c sent over b is free in Q. The c sent over a is defined. 
Our construction respects both cs via f t . Instead of renaming the resulting process, here k() \kf{), to 
c() | c() first, we decompose the right side of a join definition and apply the necessary renaming afterward. 
Therefore, our semantics is able to distinguish both variables c. 
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Given a core join process J. To construct the Petri net semantics for J, we begin with the set of 
initially marked places. This set corresponds with the initial decomposition, i.e., dec(J,f±). If there 
are no applicable definitions in J, the net construction is finished. Otherwise, there must be at least two 
places violating the just defined transition rule. In order to satisfy the transition rule, we add a transition 
and a set of places as described in Definition [12] We repeat this procedure until the net satisfies the 
transition rule. The resulting Petri net represents the semantics of J. 

Definition 13. Let J G ^core be some core-join process. The Petri net N(J) = (P, T,mo) represents the 
semantics of J if it is the smallest Petri net satisfying 

1. mo = dec(J,f^) C P and 

2. the transition rule. 

In this section, we have already seen an example (Example [3]> and its Petri net semantics in Fig. [5] 
Note that the procedure described above yields exactly those nets satisfying Definition [13] The criterion 
asking for the smallest net ensures that dead transitions and isolated places are left out. 

3.2 Structural Properties 

In this section, we investigate the net class of our Petri net semantics, i. e.,l-safe Petri nets. This net class 
restricts all places to contain at most one token for any reachable marking, especially the initial marking. 
As our decomposition function relies on disjoint unions, initial markings in our nets are 1-safe. 

In order to show the net class, we prove the following properties, also valid for occurrence nets iTTTl . 

Proposition 1. Let J £ J? core be a process. N(J) = (P,T,mr,) satisfies the three criteria below. 

1. For all p £ nir, it holds that 'p = 0. 

2. For all p £ P it holds that \'p\ < 1. 

3. F + (transitive closure ofF) is irreflexive. 

The first property states that there are no transitions in the net producing tokens to initially marked 
places in m®. The second states that there is always one and only one reason, i.e., a transition, that 
produces a token to a place. The last one is concerned with cycles in the net structure. 

Proof. Let J £ J? core be a process and N(J) = (P, T, mo) its Petri net semantics. 

1. We need to show that for all initially marked places, i.e., p E mo, it holds that their presets are 
empty. As N(J) needs to fulfill the transition rule (Definition [121 . there is no transition t £ T 
with *t ^ and t' Pi mo 7^ 0- If there are transitions t with *t = producing to mo, then N(J) is 
not the smallest net after Definition [13] Therefore, there is no uansition producing the mo and in 
consequence, the claim holds. 

2. We need to show that for all places p £ P, there is at most one transition t £ 'p. By Definition [12] 
N(J) needs to satisfy the transition rule. From[T]we know that the claim holds for initially marked 
places. For any other place p, we need to show that there are no two transition t,t' £ T with 
p G t* C\t". From the transition rule we follow that Pi = t* and P2 = t". The transition rule also 
ensures that 'P\ = {t} and 'P2 = {?'}. If p was in Pi and in P2, then Pi = P2 and in consequence 
t = t' . Therefore, \'p\ < 1. 
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3. We need to show that there are no cycles in our net representations. By the net construction, we 
prove that our nets do not introduce cycles. Starting with the set of initial places, the transition 
rule can only introduce transitions producing to places which are not initially marked. Otherwise, 
this would contradict Q] Let p be an arbitrary place in the net. From some place in mo to p are no 
cycles in the net. Let Q be the set of all places between mo and p. A transition t consuming from p 
produces to a set of places P' . We need to show that P' is disjoint from Q. Assuming, P' n Q ^ 0. 
So, there is a place q G Q which is also in P' . q cannot be in the set of initially marked places. 
Therefore, there exists a transition t q producing to q. Now, *q = {t qi t} which contradicts |2j unless 
t ^ t q . Therefore, F + is irreflexive. 

□ 

Proposition Q] enables us to show that our net semantics produces 1-safe Petri nets. We use the fact 
that max{mo(/?) | p 6 P} < 1, for all / € J? C ore with N(J) = (P,T,mo). Furthermore, we have already 
proven that there are no cycles in our net semantics and for each place, there is at most one transition 
producing to it. Therefore, we can formulate the following corollary. 

Corollary 1. Let J € J? core be a process. Then N(J) is 1-safe. 

The proof follows directly from Proposition [T] For further discussions we introduce the notions of 
causality, conflict and independence on the basis of Petri nets. 

Definition 14. Let N = (P, T, mo) be a Petri net and t\ , t 2 € T . t\ and t 2 are said to be in causal order, t\ 
before t 2 , iff there is a reachable marking m\ with mi[ti)m 2 and a reachable marking m 3 from m 2 with 
msfa) but no such markings which enable t 2 first. t\ and t 2 are in direct conflict iff *t\ n *t 2 ^ 0. Two 
nodes n\,n 2 € -PU T are in conflict iff there exist two transitions t,t' G T which are in conflict and there 
exist paths from t to n\ and from t' to n%. Yin\ =n 2 , then n\ is in self -conflict. t\ and t 2 are independent 
(or concurrent) iff they are neither in a causal order nor in conflict. 

Intuitively, the notion of independence describes actions, i. e., transitions, which can always occur 
in parallel. There is a remaining property of occurrence nets which is not satisfied by our nets, namely 
irreflexivity of the conflict relation. This property states that there are no self-conflicting nodes in the 
net. 

The join-calculus semantics relies on the structural congruences of Fig. [3] Therefore, our net se- 
mantics needs to reflect them in a proper way. Indeed, there is a provable correspondence between the 
structural congruences of the core join-calculus and the Petri net representations. We prove that if two 
join terms are structurally congruent, then their net representations are isomorphic. 

Lemma 1. Let P,Q € ^f C ore be processes with P = Q. Then N(P) andN(Q) are isomorphic. 

The proof can be found in the technical report to the paper Ifl5ll . Lemma Q] also has a side effect 
to the following behavioral correspondence. We will show a bisimulation between core join terms and 
their net representations. One of the proof steps is concerned with structurally congruent join terms. As 
isomorphisms imply bisimulation ifTTl . we can assume it as already proven by LemmaQ] 

3.3 Behavioral Properties 

In this section, we will prove that the semantics we presented is correct with respect to bisimulation. We 
already saw LTS interleaving semantics for both, Petri nets and the join-calculus. The states of an LTS 
for a Petri net is described by markings. States of core join LTS are core join terms. We need to find a 
bisimulation C fl con x 2 . Note that any subset of describes a valid marking of a Petri net of a 
core join term. 



S. Mennicke 



143 




h h h 



Figure 6: The confusion pattern M 

Our bisimulation result relies on the observation, that our decompositions yield valid markings of a 
net describing the semantics of a core join term. Each state of a process P is represented by its initial 
decomposition dec(P,f±). When P evolves to P 1 , then our Petri net semantics reflects this behavior by 
a step from dec(P,f±) to dec(P' ,f±), because all join definitions of P are preserved by P' and so, they 
remain on some stack in the decomposition of P' . Conversely, if our net evolves from dec(P,f±) to m, 
then this m must be equivalent to some dec(P' ,f±), i. e., there is a step from P to P 1 . We need to prove 
that this is actually true for all P 6 J? core- 

Using the just described observation, we formulate a base bisimulation as follows, 

m := {(P,dec(P,f ± )) \P £ / core }. 

When considering a process P, then we restrict Si to the reachable parts of P, denoted by Rp := 2% |>, >* . 

Theorem 1. Let P £ J? core- Then LTS(P) and LTS(Af(P)) are bisimilar. 
The proof can be found in the technical report to this paper lfl5l . 

4 Distributability Issues in the Join Calculus 

One of the advantages of Petri net semantics for process calculi is the inherent notion of independence. A 
set of independent actions, i. e., the labels of independent transitions, is called a step. A step is enabled if 
all its transitions are enabled. An enabled step may fire. The resulting marking is the same marking as if 
all transitions in a step fired in a sequence. Therefore, if we consider an LTS construction in terms of Petri 
net steps, we do not get more states, but more transitions, because independent actions are summarized 
in multisets. 

The induced steps on the semantics of the core join-calculus correspond to independent join defi- 
nition applications. Chains of join definitions are are translated into sequences of transitions. Our net 
semantics also recognizes definition chains which are actually independent, due to the fact that our Petri 
net semantics respects the structural congruence (cf. LemmaQ]). 

Steps enable our semantics to argue about the distributability of the join-calculus, or more precisely, 
about the distributability of our net representations of the join-calculus. We are interested in a particular 
confusion pattern which is depicted in Fig. [6l This structure is called M. The M was introduced by van 
Glabbeek et al. as a structure which has a major influence to the distributability of a system Ifl3l[l2l . A 
net is distributable if there exists a behaviorally equivalent net which is distributed. Van Glabbeek et al. 
call a system distributed if 

• it consists of components on different locations, 

• the components work concurrently, 
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Figure 7: Petri net semantics of P in Example [5] 

• the components interact explicitly, and 

• communication between components is asynchronous. 

They formalized those criteria in a Petri net class called LSGA nets - locally sequential, globally asyn- 
chronous nets. The crucial point of LSGA nets is that parallel transitions are not allowed to be on one 
location while transitions sharing input places must share one. The M is not distributed as all transitions 
need to reside on one location, but t\ and t$ may fire in a step, i. e., in parallel. Van Glabbeek et al. proved 
that if a net contains a fully reachable M, i. e., there is a reachable marking containing at least the places 
in Fig.|6l then the Petri net is not distributable up to branching-time equivalences 1 13]. Schicke-Uffmann 
et al. prove that the M is not distributable in terms of causality respecting equivalences [20]. Their ar- 
guments depend on the chosen notion of distributed systems and distributability. However, we consider 
these notions as reasonable, because the described points above are important phenomena occurring in 
distributed system design and implementation. 

Therefore, if we identify such a structure in our net semantics, there is a potential restriction on the 
distributability of the join-calculus, i. e., join-calculus processes. 

Example 5. Consider the following process, 

P = def x(u) \y(v) > u(v) \nx(a) \y(l) \x(b) \y(2). 



The Petri net semantics N(P) of process P is depicted in Fig. [7] N(P) contains four Ms as depicted 
in Fig. [6l Initially, the process makes a choice between four different join definition applications. After 
one application, there is only one possibility for the resulting process to apply the join definition again. 
Our Petri net semantics reflects this behavior. 

The net semantics of the process in Example [5] yields an M just like the one in Fig. [6l It is fully 
reachable, as the initial marking enables all four Ms. We observe that all transitions are labeled by the 
same definition. Considering the notion of locality for the join-calculus (cf. Sect. 12.21 ). this structure 
remains on one location, although it contains independent transitions. This fact makes a distributability 
result of the join-calculus incomparable to the results in [13), because van Glabbeek et al. forbid such 
structures on one location. On the other hand, the implicit location function given by join definitions 
gives reason to extend the notion of distributability. 
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In the following, we refer to an M where all transitions are labeled by the same definition as local. 
If all Ms in the join-calculus were local, then the join-calculus would be a distributable process calculus, 
because our net semantics respects the behavior of the join-calculus and van Glabbeek et al. prove that a 
Petri net with no fully reachable M is distributable lH4ll . The following proposition gives proof for this 
hypothesis. 

Proposition 2. Let J £ ^fcore- IfN(J) contains a fully reachable M, then it is local. 

Proof. We prove the claim by contradiction. Let J € ^core be a process and N(J) = (P,T,mo) be the 
Petri net semantics of J. Assuming Fig.[6]is a part of N(J) and each transition has a different label, i. e., 
l(ti) ^ l(tj) for i ^ j and i,j = 1,2,3. From the transition rule, it follows that all preplaces of a transition 
have the same stack in their second component. Especially, the top element of these stacks is equal to the 
label of the transition. Reconsider Fig. [6] As p G *t\, we know that p = (_, s, _) with sT = 1(h). p 6 *?2, 
so p = (_,$',_) with s'T = l(ti)- But, by construction, this is not possible if l{t\) / Ifa)- Therefore, 
either t\,t2 do not exist or l(t\) = Ifo). The case of t^,h is analogous, i. e., Ifo) = l{h). By transitivity, 
wehaveZ(fi) =l{h). □ 

It is not possible to have an M with different transition labels, i.e., on different locations, in the 
join-calculus. The proof steps make use of a property of the join-calculus which is reflected by our Petri 
net semantics. This property is concerned with the assignment of messages to join definitions, i. e., the 
number of transitions with different labels in the postset of a place. For each join message, there is at 
most one applicable join definition. 

Van Glabbeek et al. lfl3l [T2l [14 1 and Schicke-Uffmann et al. [20] consider unlabeled nets with no 
explicit location function to derive their distributability results. If we consider the join-calculus as a 
distributable process calculus, then it is a natural step to evaluate their results given the assumptions of 
the join-calculus. Best and Darondeau already consider a given allocation function in their survey 
paper to argue on the distributability of Petri nets. 

5 Conclusion 

In this paper we presented an operational Petri net semantics for the join-calculus. We proved that our 
semantics corresponds to structural congruences and the labeled reduction semantics of the calculus. 
Furthermore, we investigated issues of distributability in the join-calculus. 

In future work, we want to understand how an explicit location function, as implied by the join- 
calculus, influences the results of lPT3l l20l . Moreover, we would like to investigate optimizations of 
the semantics to possibly reach finite net representations of join terms. The mentioned applications in 
unfolding based techniques is not discussed in this paper. As our suggested semantics has an unfolding 
nature, it is worthwhile to apply such techniques to the join-calculus by first using our semantics to 
compute the necessary prefixes of a join term. 
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